The container with all the passwords is only decrypted in my browser?
2FA authentication is very nice for Nextcloud because you can login from non-trusted computers. Doing this on an account with a password manager could be a bad idea because this might leak your passwords?
Yes, the passwords are encrypted and decrypted client side.
Your vault key is never send to the server, not even when you share passwords.
2FA authentication is very nice for Nextcloud because you can login from non-trusted computers. Doing this on an account with a password manager could be a bad idea because this might leak your passwords?
You mean the ability to generate the one time password for eg Google / Github?
No, I thought that I’m logging to my Nextcloud account at the hotel lobby, I get my lousy password for the Nextcloud forum and some malicious app on this computer fishes also my amazon, github and whatever password from the passman app as well.
Credentials are stored in memory, when you leave the page they are gone.
I can implement a timeout timer, that will force you to login (to passman or nextcloud) after X minutes.